Protecting Against Credential and Token Theft
In this video I look at credential and token theft and what we can do to protect.
🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:49 - Credential protection
05:46 - Authentication strengths
07:32 - Protection for strong authentication method registration
08:54 - Additional protections
11:56 - Shift to token theft
12:19 - Tokens we get
13:24 - Secrets on the machine
15:45 - Primary Refresh Token
17:42 - Session Key
19:21 - Refresh and Access Tokens
21:51 - Token theft
24:02 - Protections
24:22 - Entra Internet Access
26:13 - Machine management
29:21 - Token binding
32:20 - Proof of Possession
37:50 - Token brokers and MSAL
39:41 - Requiring token binding
41:59 - Demonstrated Proof of Possession standard
45:13 - Detection
45:42 - Continuous Access Evaluation
46:39 - Identity Protection
48:16 - Summary
51:35 - Close
▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬
► Whiteboard:
🔗 raw.githubusercontent.com/joh...
► Token Protection
🔗 learn.microsoft.com/entra/ide...
🔗 techcommunity.microsoft.com/t...
▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
📖 Recommended Learning Path for Azure
🔗 learn.onboardtoazure.com
🥇 Certification Content Repository
🔗 github.com/johnthebrit/Certif...
📅 Weekly Azure Update
🔗 • Azure Infrastructure U...
☁ Azure Master Class
🔗 • Microsoft Azure Master...
⚙ DevOps Master Class
🔗 • DevOps Master Class
💻 PowerShell Master Class
🔗 • PowerShell Master Class
🎓 Certification Cram Videos
🔗 • Microsoft Certificatio...
🧠 Mentoring Content
🔗 • Virtual Mentoring
❔ Questions? Maybe I answered it in my FAQ
🔗 savilltech.com/faq
👕 Cure Childhood Cancer Charity T-Shirt Channel Store
🔗 johns-t-shirts-store.creator-...
👂 Enable the subtitles and from there you can translate to your native language via the auto-translate feature in settings! • KZread Captions and A... for a demo of using this feature.
SUBSCRIBE ✅ / @ntfaqguy
#microsoft #passkeys #johnsavillstechnicaltraining
Пікірлер: 33
Hey everyone, wanted to look at credential and token theft as something impacting nearly every organization! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzread.info/dash/bejne/qGmWl5VmgMqrnaw.html for a demo of using this feature. Thanks for watching! 🤙
Forget oAuth we need jAuth, no-one is stealing tokens from those biceps
@NTFAQGuy
Ай бұрын
lol
@LifeisbetterwithaMalinois
Ай бұрын
Agree..Sir John please get going on this tech😊 Thanks sir John awesome video as always😊
Great video John! lots of valuable insights on token theft protection, mitigation and detection. The in depth and easy to follow explanation and sequence flow involving DK, TK, PRT, ST, RT, AT and hard binding was fantastic and the best I have come across on authentication and auth. We need this level of technical depth and awareness to appreciate the Microsoft technology stack! This reinforces that accessing corporate data from BYOD devices should not be taken lightly. Either register or join the device and manage it to make it complaint and get full benefit of token binding, CAE, device compliance checks.. , or use W365/AVD (MAM for W365 and AVD for Windows is coming, iOS and Android is now in Preview). Thanks, Reeti
Thanks again John! I was literally investigating this last week (currently rolling out Yubikeys to Prod), and now this is in my lap! You are the MVP o7
@NTFAQGuy
Ай бұрын
Glad to help!
This is one of the most valuable videos. This will allow us to do everything else.
Another Great Video John! , thanks for making these great easy to follow lessons!
Excellent video. Clear and concise. Video disc. The large album-sized ones.
Another great video John. I loved the conditional access piece until I realized it required Entra ID P2. I guess we will have to hope the open standard develops a bit so we all have something we can use.
Savill, Thank you so much! Learn a lot from your series of high quality sharing.
@NTFAQGuy
Ай бұрын
Happy to hear that!
Really intresting as always, thank you !
Great video as always, and very informative and full of knowledge!!! 😎
@NTFAQGuy
Ай бұрын
Glad you enjoyed it!
enjoying this video for today learning, thanks a lot!
Wham! Great video as always.
Awesome session thanks :-)
Awesome, thank you 🙂
Brilliant, engaging, timely and useful.
@NTFAQGuy
26 күн бұрын
Glad it was helpful!
Great video John, thanks for sharing
@NTFAQGuy
Ай бұрын
Glad you enjoyed it
Thank you!!!
Thanks again , very nice walk-though 🙂
@NTFAQGuy
Ай бұрын
Thanks!
Another great video. Less than 300 employees and we have all of this enabled. Good goto this explanation.
@NTFAQGuy
Ай бұрын
Thanks for watching!
much needed
Saviour!!!😊
How the heck do you know all this information?? Great work!
@NTFAQGuy
24 күн бұрын
JohnGPT lol